validns icon indicating copy to clipboard operation
validns copied to clipboard
verified publisher icon tobez

Check that everything that should be signed is in fact signed

Open tobez opened this issue 13 years ago • 2 comments

tobez avatar Mar 22 '12 14:03 tobez

Hi, an implementation of a feature like that would be very appreciated. At first maybe counting is a possibility. The number of authoritative resource records compared with the number of RRSIGs. I will try to discuss about a algorithm to count with my colleagues and give input for help.

A second feature in this direction could be very nice. To check, if every authoritative resource record has a RRSIG record.

greets and thanks a lot

Christian

vigodeltoro avatar Jun 26 '15 09:06 vigodeltoro

Hi, here is my suggestion for the "algorithm": #A-RRSET's + #AAAA-RRSET's + #MX-RRSET's + #DS-RRSET's + #NSEC3-RR's = #RRSIGS

We already have a patch for counting the number of records for each type. Now I'm gonna try to extend it for counting RRSETs of specfic types.

After this, it should be quite easy to implement comparison for count of records which should be signed and actual count of RRSIGs.

manuel-domke avatar Jun 29 '15 09:06 manuel-domke